Skip to main content

Latest iPhone Update Ensures Photos Can’t Be Accessed Without Passcode

By April 13, 2016March 6th, 2023Blog, Cybersecurity

latest_iphone_update_ensures_people_canApple reports that it has fixed a security issue you may not have known existed. The problem occurred only with the iPhone 6 and 6s Plus devices, and was specific to images. Here’s how it worked, prior to the fix:

Your phone, as you know, has a lock screen. Your phone also has Siri. Siri can be accessed even when the phone is locked.

Prior to the fix, if you requested that Siri do an image search based on file names containing the “@” symbol in Twitter, Facebook, or Yahoo. This, of course, will result in an email address being found. Using the 3d Touch menu, a user could, at that point, bring up a contextual menu for that item, which would offer to add the address to your address book.

At this point, even though the phone is locked, the hacker has access to your address book in its entirety, because all he would have to do is search on just the “@” symbol, and it would show all email addresses in the phone.

Additionally, the hacker would also have access to your photos, because one of the things you can do when in the address book is to set an image association with a given address book entry. Needless to say, this is not at all what was intended, and the company took immediate steps to prevent any of this from occurring as soon as it came to light that it was possible.

The problem was initially discovered by the German security firm, Evolution Security, so kudos to them for good sleuthing, and kudos to Apple for their quick response. Unfortunately, this was not the first bypass technique to be discovered, and it almost certainly will not be the last, but Apple continues to burnish its reputation as being extremely quick to resolve issues as they are discovered, lending peace of mind to the legions of users of the company’s products.

If you own an iPhone 6 or iPhone 6s, it is very important to make sure you have the latest updates or you may fall victim to this vulnerability. Go to your settings screen and check to see if any updates are available, if you have available updates, make sure to backup and sync, then update to make sure your phone is secure.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.